CN107533619A - Workflow device is simulated by Social Engineering - Google Patents
Workflow device is simulated by Social Engineering Download PDFInfo
- Publication number
- CN107533619A CN107533619A CN201680019962.9A CN201680019962A CN107533619A CN 107533619 A CN107533619 A CN 107533619A CN 201680019962 A CN201680019962 A CN 201680019962A CN 107533619 A CN107533619 A CN 107533619A
- Authority
- CN
- China
- Prior art keywords
- message
- tissue
- platform
- described device
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Provide a kind of for assessing system of the tissue to the neurological susceptibility of Social Engineering, multiple members of the tissue with multiple sources and using electronic equipment.The system includes the device with multiple sources traffics, and its associated person information for being configured as fetching member simultaneously detects trigger event from multiple sources.The system includes the platform away from device, and the platform is configured as receiving the signal of instruction trigger event from device, and includes the communication of template based on the preparation of each trigger event and include the communication of template to device transmission.When receiving communication, device is configured as fetching the associated person information of intended recipient member, is created message based on the template and sent the message to the intended recipient member.Platform does not receive the associated person information of multiple members from device.
Description
Technical field
The present invention relates generally to the neurological susceptibility to Social Engineering's (such as phishing);And relate more specifically to be used as
Test and/or reduce system and software of the tissue to the neurological susceptibility of Social Engineering.
Background technology
Social Engineering includes manipulating (for example, psychology manipulates) people to perform action or disclose secrets to information, such as people
Generally will not disclosed information.This information can be used for the purpose of various malice, for example, electronic theft, fraud etc..Social work
A kind of form in journey is phishing.Phishing be a kind of fraudulent obtain the technology of confidential information.For example, network fishes
Fish person can send message to recipient, such as Email, text, SMS, call, voice mail, pre-recorded disappear
Breath etc..The message can ask recipient to take some actions, for example, clickthrough, opening and/or download file, offer machine
Confidential information etc..For link, recipient can be taken to the name request recipient based on falseness and provide confidential information by link
Website.Other links, which can take recipient to, to be designed to malicious code (for example, from electronic equipment capture recipient's
Code of personal information etc.) website that downloads on the electronic equipment of recipient.Phishing message can be designed as itself
It is difficult to, for example, message includes to be written as including information etc. to seem to come from legal source.
The content of the invention
One embodiment of the present of invention is related to a kind of for assessing system of the tissue to the neurological susceptibility of Social Engineering.Described group
Knit multiple members with multiple sources and using electronic equipment.The system includes the device to be communicated with the multiple source.
Described device is configured as the associated person information from the multiple member of at least one reception in the source.Described device by with
It is set to trigger event of the detection from the multiple source.The system includes the platform away from described device.The platform by with
It is set to the signal that the trigger event that instruction detects is received from described device.The platform is configured as being based on the trigger event
In each prepare the communication for including template.The platform is configured as sending to described device and communicated.Receiving
When stating communication, described device is configured as fetching the associated person information of intended recipient member, with based on the template come
Message is created, and the message will be sent to the intended recipient member.The platform does not receive described more from described device
The associated person information of individual member.
Another embodiment of the present invention is related to a kind of method for reducing the neurological susceptibility to the tissue of Social Engineering.The tissue
With multiple sources.Methods described includes receiving the associated person information of the multiple member of the tissue.Methods described includes pin
Each in the source is monitored to trigger event.Methods described is included based on the trigger event detected, by the tissue
At least one member be identified as intended recipient.Methods described includes the characteristic based on the trigger event detected come accurate
The standby message for arriving the intended recipient.The message solicits the action carried out by the intended recipient.Methods described includes
The message is sent to intended recipient.Whether methods described includes determining the intended recipient as solicited as the message
To take action.The action that methods described includes to the intended recipient is assessed.
Another embodiment of the present invention is related to a kind of for assessing to catalogue, multiple databases and message transfer service
Tissue Social Engineering neurological susceptibility system.The system includes device.Described device is configured as connecing from the catalogue
Receive the address book of the associated person information of the member with the tissue.Described device is configured to connect to the multiple database
With the message transfer service.Described device is configured as monitoring the multiple database for trigger event and the message passes
Send system.The system includes platform.The platform be configured as from described device receive instruction identified by described device it is tactile
The signal of hair event.The platform is configured as based on the signal come drawing template establishment.The platform is configured as to the dress
Put and send the template.Described device is configured as being created to the message of intended recipient based on the template.The platform
It is configured to determine that whether the intended recipient takes predetermined action in response to the message.The platform is configured as ringing
Message described in Ying Yu and the statistics to being acted on the trigger event, the message and the intended recipient is compiled.
Another embodiment of the present invention is related to a kind of for assessing system of the tissue to the neurological susceptibility of Social Engineering.Described group
Knit multiple members with multiple sources and using electronic equipment.The system includes device.Described device is configured as from described
At least one reception address book in source, the address book are included on the identification of each in multiple members of the tissue
Information and associated person information.Described device is configured as Aliasing at least some carry out in the identification information and sharp
The associated person information is replaced with the address book for Making Alias with identifier.To be based on pre-defined algorithm by Aliasing information
Come what is determined.The system includes being configured as the platform that Aliasing address book is received from described device.Described device by with
Trigger event of the detection from the source is set to, and the instruction of the trigger event is sent to the platform.The platform quilt
It is configured to provide communication to described device, the communication includes the source template based on the trigger event, the finger of transfer mode
Show, the transmission identifier of one and dispatch command as known to described device for being mapped in the member of the tissue.
Described device is configured as based on the mould of each in the intended recipient for the information in the address book
Plate come create personalization message.It is multiple to being separated with the platform that described device is configured as the type based on the message
One in server sends the message, described in one in the server is configured as sending to the intended recipient
Message.Described device is configured as monitoring the response to the message from the intended recipient.Described device is configured
It is not Aliasing to carry out other parts that are Aliasing, retaining the response to the part of the response, and it is based on pre-defined algorithm
To summarize the part of the response, and to the platform send the response it is Aliasing, not Aliasing with
And the part of general introduction.
The exemplary embodiment of replacement is related to other features and the group of feature as can be generally recorded in the claims
Close.
Brief description of the drawings
The application will be more fully understood according to described in detail below with reference to accompanying drawing, reference similar in the accompanying drawings refers to
For similar element, wherein:
Fig. 1 be show according to exemplary embodiment include Workflow device be used for test and/or reduce tissue pair
The block diagram of the system of the neurological susceptibility of Social Engineering;
Fig. 2 be show according to the Workflow device including Fig. 1 of exemplary embodiment be used for test and/or reduce group
Knit the flow chart of the method for the operation of the system to the neurological susceptibility of Social Engineering;And
Fig. 3 be show according to exemplary embodiment include Workflow device be used for test and/or reduce tissue pair
The block diagram of the system of the neurological susceptibility of Social Engineering.
Embodiment
Refer to the attached drawing, generally many tissues (for example, company, government, association etc.) are intended to reduce to the easy of Social Engineering
Perception.With electronic equipment and its surge used in the tissue, many tissues, which all have, provides instruction to chance
Multiple sources of information, for example, can instruct the moment, it is probably to be used to start Social Engineering's neurological susceptibility assessment for the instruction of the chance
And/or reduce the effective or reasonable time and/or situation of motion (campaign), test etc..The reality of system described herein
Apply example to be configured as this instruction to chance come the source of monitoring information, and automatic (for example, without user intervention) opens
Motion, test etc. are assessed and/or reduced to dynamic Social Engineering neurological susceptibility.
For example, catalogue, database, management system, message transfer service and event that source can include different networkings are rung
Answer system.Many tissues can have multiple members that the various pieces with tissue interact, such as employee etc..In member
Many members use electronic equipment, such as computer, laptop computer, smart phone, PDA etc..Such electronic equipment can
Be configured as such as by internet, cellular network, tissue network, LAN, WAN, Wifi with other electronic equipments, tissue
Etc. being communicated.Many in these equipment can be with catalogue, database, management system, message transfer service, the event of networking
At least one in response system etc. is communicated, and these catalogues can include the information used on electronic equipment.
Chance can be provided by many different events (such as action on an electronic device) carried out throughout the member of tissue, such as
It can instruct the moment, as discussed above.
It is example after these events or action soon for example, when some events occurring in the tissue or employee acts
Social Engineering's neurological susceptibility of tissue is such as reduced come the test or motion of automatic start or triggering by event or employee's action, used
It can be enhanced in the effect of the action for the Social Engineering's neurological susceptibility for reducing tissue.However, the not catalogue in tissue, data
All in storehouse, management system, message transfer service and emergency response system can perceive event or employee's action.Cause
This, in one embodiment, there is provided with many catalogues in whole tissue, database, management system, message transfer service and
The system that emergency response system is communicated, and the system is configured as being based on from inter-organization catalogue, database, pipe
The information of reason system, message transfer service and emergency response system takes various actions.
In addition, in one embodiment, system includes device, such as Workflow device.Workflow device be configured as from
Collect information in source (for example, catalogue, database, management system, message transfer service and emergency response system in tissue).So
And Workflow device maintains the information being collected at tissue, such as physical hardware Workflow device, described device is protected
Hold and be physically located at tissue, and the information being collected into is maintained in tissue;Or the work that just virtual and/or software is realized
For flowing device, the information being collected into is maintained in the control of system, Virtual base framework and/or tissue.
In addition, in one embodiment, described device is configured as being communicated with outside platform, the outside platform is all
Such as example as the software of service platform, the service platform is configured to supply Social Engineering's test or moved to reduce group
Knit the analysis to the neurological susceptibility of Social Engineering and test or motion.Described device collects identification information and/or associated person information,
For example, from catalogue, database, management system, message transfer service and emergency response system such as organized etc for example
E-mail address, telephone number, Mobile Directory Number, social media identifier (such as, the FACEBOOOK of the employee of tissue
Account ID, TWITTER user names etc.).Described device is configured as anonymous associated person information, and ought will start Social Engineering
When motion, test etc., anonymous associated person information is transmitted to the platform.Therefore, the identity of the member of tissue and/or contact person
Information is maintained in tissue, for example, being not transferred to outside tissue or outside the control of tissue.When platform is touched by described device
When hair is to create the template for the intended recipient member of tissue, the platform is sent to described device to be included contacting with anonymous
The communication of the associated template of people's information.Described device according to anonymity associated person information come determine reality associated person information,
Create message based on template and send message to intended recipient.Therefore, actual associated person information is not transferred to tissue
Outside, this is probably desired for some tissues.
With reference to figure 1, the embodiment of system 100 is shown, system 100 is for example for assessing and/or reducing tissue to social activity
The system of the neurological susceptibility of engineering.System 100 includes the platform 102 away from tissue.Platform 102 be Social Engineering test, improve and/
Or neurological susceptibility Evaluation Platform, it is configured as test organization to the neurological susceptibility of Social Engineering, assessment, analysis and provided on right
The measurement of the neurological susceptibility of the Social Engineering of tissue simultaneously trains the member of tissue to reduce the neurological susceptibility to Social Engineering.Platform 102
It is configured as preparing the communication for including template, the template can be used for establishment can be (all via various forms, agreement, equipment etc.
Such as example, Email, text, SMS, phone, voice mail) be passed to tissue member message.The message is solicited
Recipient takes action, for example, clickthrough, download or upper transmitting file, provide confidential information, manual reset message, automatically reply
Message (such as " out of office "), including the reply or interaction wherein solicited are via with receiving the logical of message by it
The different communication media of medium is believed come the reply carried out or the situation of interaction, for example, telephone message solicits electronic mail reply, electricity
Sub- email message solicits text message reply etc..In one embodiment, message can include link, the link be configured as by
The net that recipient is taken on the confidential information solicited from recipient and/or the electronic equipment that malicious code is downloaded into recipient
Stand.Platform 102 and/or Workflow device 104 are configured as monitoring and/or determine whether recipient uses solicited action.
In addition, platform 102 and/or Workflow device 104 can be configured as summarizing confidential information (for example, hash (hash)
Deng) (or instructing the webserver of recipient so to do), collect general introduction information and abandon confidential information so that platform 102
Do not collect confidential information.For example, platform 102 can collect the quantity and/or type of the character in confidential information, but do not collect
Confidential information is in itself.In addition, platform 102 is configured as assessing collected information, such as benchmark test etc. is performed, to provide number
According to notifying that further training is so as to reducing the neurological susceptibility to Social Engineering.In one embodiment, platform 102 is used as software quilt
Be embodied as service platform, for example, in cloud, away from client tissue and first-class not by the server of the client organizational controls
Deng tissue obtains license and uses platform 102.In other embodiments, platform 102 can be with software, hardware or software and hard
The combination of part is provided to tissue.
In one embodiment, system 100 also includes the device for being illustrated as Workflow device 104.In one embodiment,
Workflow device 104 can be virtual bench, for example, Hypervisor's server, VMWare, Microsoft Hyper-V,
It is implemented in the software of the upper operation such as Citrix XenServer, Oracle VM Virtualbox, GNU/Linux KVM.
In another embodiment, Workflow device 104 can include hardware processor at the client tissue of runs software
Physical unit, the software is configured as realizing the function of Workflow device 104 as described below, the physical unit example
Such as, standard personal computer hardware, PC or MAC, such as Blackberry PI midget plant or can be server category
Frame installs hardware.In any case, in one embodiment, Workflow device 104 is in the control of tissue, for example, thing
It is implemented in reason at tissue, to operate in the software on the server by organizational controls, in the virtual base by organizational controls
Worked on plinth framework, in environmental interior of tissue etc..
Workflow device 104 is communicated with the source 106 organized.In one embodiment, Workflow device 104 is given
The limited read-only access of the part in source 106 or source is weighed.Source 106 can include catalogue 108, such as, employee's contact
People's message catalog, can be from Active Directory (ACTIVE DIRECTORY) that MICROSOFT is obtained, LDAP
(LDAP) catalogue, OpenLDAP catalogues and replacement identity management services including combining id systems, etc..In an implementation
In example, Workflow device 104 is led to by LDAP (LDAP) connector 110 with each in catalogue
Letter.Source 106 can also include enterprise database 112, such as correlation system, for example, oracle database, Sybase,
Microsoft SQL、IBM DB2、Oracle MySQL;Dereferenced formula flat file format, for example, comma separated value (CSV) or
Fixed-length format, non-sql technologies, such as HADOOP etc..Workflow device 104 passes through SQL (SQL) or class
Communicated like connector 114 with each in enterprise database 112.Source 106 can also include learning management system 116,
Such as MOODLE, SCORM CLOUD, MEDIAPRO etc..Workflow device 104 passes through FTP (FTP) or web
Service adapter 118 is communicated with each in learning management system 116.Source 106 can also include message transfer service
120, such as, e-mail system, text messaging system, instantaneous communication system such as Microsoft
Exchange, IBM cooperative system (Lotus), other e-mail systems using IMAP or POP agreements, other non-electronic postals
Part system gateway is such as SMS or telephony gateway.Workflow device 104 is by IMAP/POP or web services connector 122 with disappearing
Each in breath transmission system 120 is communicated.Source 106 can also include event response source 124, such as system or daily record,
Such as the I.T. of the tissue of report supports the daily record of event, the help of member for giving tissue etc..Event response source can include
Via any server or Networking Solutions & provisioned that event log is provided such as event log (Event Logs), Syslog.
Workflow device 104 by connector 126 (for example, SYSLOG, database or web services) with it is every in event response source 124
One is communicated.
It is exemplary in the connector of each listed above that Workflow device 104 is connected in source.At it
In his embodiment, other suitable connectors can be used.
In one embodiment, Workflow device 104 is configured as the member from least one reception tissue in source 106
Associated person information.For example, the e-mail address book of tissue can be transferred to Workflow device from least one in source 106
104.In one embodiment, the telephone number of the member of tissue, instant message transmission information and/or other associated person informations can
To be sent to Workflow device 104 from source 106.However, because Workflow device 104 under the control of tissue, contacts
People's information is not transferred to outside tissue and/or outside the control of tissue.In one embodiment, the contact person of the member of tissue
Information can include the telephone number (such as speech network fishing test) of the member of such as tissue, the member of tissue
Mobile Directory Number (such as SMS text can be sent to the member of tissue by it and tested for SMS phishings
), and/or tissue member social media identifier, such as FACEBOOK account identifiers, TWITTER user names etc..
In one embodiment, identification information can include attribute or associated with attribute, for example, based on the general of risk
State information.For example, an attribute can be the instruction of the department of employee, section office, position, language etc..In addition, the category based on risk
Property whether can be called more than once during scheduled time slot including employee Help Desk reset before password, employee whether
The instruction of virus etc. is found that on its electronic equipment.These attributes can be used by Workflow device 104, such as selecting
By as Social Engineering move and/or test in participant employee, based on attribute to Social Engineering and/or the result of test
Analyzed and/or benchmark test, for example, carrying out benchmark test across tissue and/or in a part for tissue.In addition, one
In individual embodiment, to Social Engineering move and/or test result carry out benchmark test and/or analysis can relative to this
Carried out in tissue identical industry or across different its industrial hetero-organization.
In one embodiment, Workflow device 104 be configured as regularly automatically (for example, without user intervention) from
Source 106 determines whether to have carried out associated person information any renewal, such as, if add or removed and be any extra
Employee, whether have changed any associated person information etc., and correspondingly update the associated person information note of Workflow device 104
Record.
In one embodiment, if Workflow device 104 determines the connection for the member including tissue being stored on source 106
It is that the address book of people's information has been updated, then Workflow device 104 will be automatically imported newest address book and/or newest contact
Information.In one embodiment, the frequency of the monitoring of Workflow device 104 address book can be adjusted by user.In addition, workflow
Device 104 initiates new stories training when can be configured as detecting the associated person information of the renewal including new stories, such as
Social Engineering's neurological susceptibility training, the specific training of tissue, the investigation based on risk, the test of simulation Social Engineering etc..
In addition, in one embodiment, Workflow device 104 be configured as regularly monitoring in source 106 each with
Determine whether to have occurred and that trigger event (such as event based on risk etc.).With reference to figure 2, in step 202, Workflow device
104 are configured as monitoring source for trigger event.In step 204, when the triggering thing for detecting one in source 106
During part, Workflow device 104 is configured as determining the member for being used to receive message in the member of tissue based on trigger event
Or packet.Then, in step 206, Workflow device 104 determine tissue member in be used for receive message member or point
The associated person information of group.
In one embodiment, Workflow device 104 is configured as each in the member of the tissue in address book
Associated person information (for example, e-mail address etc.) be mapped to transmission identifier.In one embodiment, transmitting identifier is
Hexadecimal digit, such as generate at random, etc..In one embodiment, it is not actual contact information to transmit identifier
And not e-mail address, this can be favourable, because if it is e-mail address to transmit identifier, then possess this
The third party of e-mail address may to tissue member (for example, be not phishing analog service provider nor
The tissue) Email is sent, this is probably undesirable.In addition, it is not email forwarding address alias to transmit identifier.
In a step 208, Workflow device 104 creates for each in the intended recipient member of tissue and transmits mark
Know symbol.Transmit the associated person information and/or identity ambiguous for the member that identifier is configured as making tissue so that the information will not be from
The control of tissue is opened, and causes platform 102 from determining the contact of each in the member of tissue based on transmission identifier
People's information and/or identity.In step 210, Workflow device 104 is configured as with what is organized to turn into transmission identifier
Each in the member of the intended recipient of message is associated, for example, in a lookup table etc. so that Workflow device 104
Can based on transmit identifier determine the associated person information for being used to receive each member in the member of message in tissue and/
Or identity.In the step 212, Workflow device 104 is configured as sending the triggering associated with transmitting identifier to platform 102
The instruction of event and/or to platform 102 transmit identifier.In step 214, instruction of the platform 102 based on trigger event prepares
Template, and the communication for including template is sent to Workflow device 104.In one embodiment, template is based on trigger event
The email template for indicating and preparing.
In one embodiment, transmission identifier is created using Cryptographic Hash Function.In other embodiments, mark is transmitted
Unique, non-email address designator can be included by knowing symbol.In another embodiment, random generation transmits identifier to keep away
Exempt from leakage of information, if for example, the identity of the member of tissue is alphabet sequence tissue, nonrandom transmission identifier is for example
User 1 (" user1 ") may indicate that user 1 is the first member of alphabetical tissue.Information is not provided by providing
To the transmission identifier of platform 102, Workflow device 104 can be avoided on the identity of organizational member or associated person information
Leakage of information is to platform 102.
In one embodiment, Workflow device 104 is configured as being created to based on the template received from platform 102
The message of intended recipient, and Workflow device 104 will send created message to intended recipient via e-mail,
As described further below.Platform 102 is configured as inserting label in a template.Label will indicate that Workflow device 104 exists
Message position is created in message, within the message including associated person information and/or identification information and including contact person
The type of information and/or identification information, for example, being carried out to message personalized.
For example, email template can include " Hello { emailFirstName:user1@pva}”.Platform 102 is not
Associated person information or identification information with intended recipient.Based on " Hello { emailFirstName:User1@pva } ", work
Making stream device 104 can be configured as creating following Email:The name started with " Hello " followed by intended recipient,
Workflow device 104 has the access right to the name of the intended recipient, but platform 102 does not have to the intended recipient
Surname access right.
Template can also include soliciting the instruction that intended recipient takes action.Workflow device 104 can be based on for example
Soliciting in email template is configured as the link included in the e-mail to website.Link includes identification information,
The identification information indicates clickthrough to Workflow device 104 and is brought to the transmission identifier of the member of website.In a reality
Apply in example, platform 102 can be configured as reporting statistics and/or analysis to Workflow device 104, wherein on transmitting identifier
To report the statistics and/or analysis, and Workflow device 104 can be configured as utilizing tissue based on transmission identifier
The actual identity of member and/or associated person information supplement reported statistics and/or analysis.
In the step 216, when receiving the communication including template from platform 102, Workflow device 104 is based on transmitting and marked
Symbol is known to determine intended recipient.Workflow device 104 is based on template establishment message (such as email message), the electronics postal
Part message includes the information on intended recipient.For example, if email template includes " { emailFirstName:
User1@pva } ", then Workflow device 104 can be configured as creating has expected receive in the text of email message
The email message of the name of person.Workflow device 104 can the e-mail address from intended recipient, the mesh from tissue
Record etc. obtains the name of intended recipient, however, platform 102 does not have the access right to the name of intended recipient.In addition,
In the example of email template, Workflow device 104 is based on associated person information addition email header and by Email
Message is addressed to intended recipient.In step 218, Workflow device 104 sends to intended recipient and is based on Email mould
The email message that plate is created.Email message (such as can be calculated by recipient by the electronic equipment of recipient
Machine, smart phone, tablet PC etc.) conduct interviews and/or interact.
In one embodiment, Workflow device 104 is configured as removing from the information for being sent to platform 102 and received
The member on tissue all information or information subset.For example, if Workflow device 104 receives the member of tissue
Telephone number, then Workflow device 104 be configured to, with phone and transmit identifier to replace telephone number, and to platform
102, which send phone, transmits identifier rather than physical number.Phone is transmitted identifier and tissue by Workflow device 104
Member in each be associated, such as in a lookup table so that Workflow device 104 can identify according to phone transmission
Symbol determines the actual phone number of the actual member of tissue and/or the member of tissue.Then, if telephone network fishing will be started
Fish perceives motion, then Workflow device 104 is sent for every in the expected member for participating in the motion in tissue to platform 102
The phone of one transmits identifier.As response, platform 102 prepares template (such as telephone message template), and to workflow
Device 104 sends the communication for the template for including transmitting identifier contents with phone.Workflow device 104 is according to phone transmission mark
Know and accord with the telephone number for identifying each intended recipient, the telephone message based on template establishment personalization and call number
To transmit personalized message, for example, text message, call, voice mail, the message etc. of record.Therefore, platform 102
The actual phone number of the member of tissue is not received.In one embodiment, platform 102 can be independently of Workflow device 104
To dispatch and configure motion.The message is configured as soliciting to Workflow device 104 (rather than platform 102) from the member of tissue
Reply, for example, including telephone number etc. of contact Workflow device 104 in the message.Workflow device 104 receive independently of
The reply of the message sent to the member by organizing of platform 102.Workflow device 104 is configured as removing from reply can be with
Information and/or any confidential information for the member that identifies or contact tissue, and sent to platform 102 by after information removing
Reply for analyzing, assessing.Therefore, platform 102 do not receive from the reply carried out by the member that organizes yet tissue into
The identification information and/or associated person information of member.In the case of without identification information/associated person information or confidential information, platform
102 remain able to dispatch and report whole result.
In one embodiment, Workflow device 104 is configured as from tissue reception on the member of tissue by field
The information of tissue.Various fields can include such as name, e-mail address, telephone number, Mobile Directory Number, social matchmaker
Body identifier, the department in tissue, position title etc..Workflow device 104 be configured as create identifier with these words
The information in scheduled field in section is associated, and makes the information in other scheduled fields in these fields not by shadow
Ring.Identifier, which is used to being sent to platform 102, replaces actual information, and any identification information of the member not comprising tissue with/
Or associated person information.For example, Workflow device 104 can by the name of the member of tissue, e-mail address, telephone number,
Each in Mobile Directory Number, social media identifier and position title is associated with identifier, and is made in tissue
The department of member is uninfluenced, for example, platform 102 will receive the actual department in the tissue of member but only be identifier, puts down
Platform 102 can not determine personal or associated person information according to the identifier for other fields.Can be from Workflow device 104 to flat
Platform 102 sends the department in identifier and organizational information.Department is not changed by Workflow device 104 in other embodiments
Other information can by platform 102 using be used for Social Engineering test result analysis/assessment.In one embodiment,
Workflow device 104 be configured as receive input, with to platform 102 transmit identifier before, preference, strategy based on tissue
Deng it is determined that will be associated for which field information with identifier or without associating.
In one embodiment, device 104 is configured as being attached to send by the various application interfaces in tissue
Message, this allow " transmission message " function expand to device 104 from platform 102, without platform 102 to tissue be not intended to its from
The organizational information opened tissue or leave the control of tissue has access right, and has without platform 104 to the application in tissue
The direct access right of interface.
In one embodiment, Workflow device 104 and platform 102 use application programming interfaces (for example, web services are adjusted
With, remote procedure call etc.) communicated.Therefore, platform 102 can transmit message in the tissue by Workflow device 104
The details of the network for the tissue being connected to without knowing Workflow device 104.In one embodiment, Workflow device 104
Expansion platform " transmission message " function simultaneously serves as SMTP clients, and is communicated with the smtp server of tissue so as to change
Message transmission is to intended recipient.
When detecting trigger event by Workflow device 104, Workflow device 104 is sent on triggering to platform 102
The information and transmission identifier of event, Workflow device 104 can determine the expected reception of message according to the transmission identifier
The associated person information of person, but platform 102 can not determine the identity or contact person's letter of intended recipient according to the transmission identifier
Breath.Based on the information on trigger event, platform 102 generates the communication for including template.Communication is not email message.Communication
Including template (such as, email message template) and message request.Message request include on transmit identifier and when
Between frame information.The communication is sent to Workflow device 104 by (such as channel transfer) non-email connection of safety.
Workflow device 104 receives the communication and based on the template establishment message received from platform 102, such as electronics
Email message, such as with header, etc..In one embodiment, Workflow device 104 is configured as being based on expection
The information of recipient to carry out personalization to each message.Then, in one embodiment, Workflow device 104 uses bag certainly
The smtp server contained transmits the message created based on the template received from platform 102.
In one embodiment, the company of hosted platform 102 also by the e-mail server trustship of safety in tissue
Outside.Workflow device 104 is configured with safe e-mail server and sent come the recipient into tissue by working
The email message that stream device 104 is created based on the email template received from platform 102.By Workflow device
104 communications received from platform 102 are not email messages, for example, be not by SMTP receive, etc..Safety
E-mail server be not directly addressable by platform 102.In one embodiment, all message and daily record periodically from
Deleted in the e-mail server of safety.
In one embodiment, Workflow device 104 is configured as sending email message to the member of tissue, such as
The email message prepared by Workflow device 104 based on the email template received from platform 102.Email disappears
Breath includes being used to solicit by what Email was replied.The email response for carrying out the member of self-organizing is configured as being drawn
Lead the smtp server not accessed by platform 102.Email response is directed to Workflow device 104 by smtp server,
The Workflow device using IMAP/POP or other look back and/or read email response similar to agreement.Workflow device
104 are configured as removing any identification information or associated person information of the member of tissue from email response, to summarize
Secret and/or other information in (for example, hash etc.) Email, and the Email summarized is sent to platform 102 and is rung
Should, associated person information and/or identification information are removed for assessing, analyzing.Therefore, platform 102 not from by organize into
Member is to receiving identification information, contact details or confidential information in the reply of email message.
In one embodiment, the intended recipient that Workflow device 104 is configured as into tissue, which is sent, includes link
Email message.When by intended recipient clickthrough, it is contemplated that recipient be brought to by with platform 102 it is separating and/
Or the webpage serviced by the login page server of the inaccessible of platform 102.In one embodiment, Workflow device 104
Including and/or serve as login page server.In another embodiment, login page server and Workflow device 104 separate
And separated with platform 102.The link is configured as sending the mark associated with comprising the email message linked being clicked
Symbol, such as hexadecimal number, etc..Workflow device 104 is configured to determine that (or being determined according to login page server) electricity
Sub- email message includes the link being clicked.Then, Workflow device 104 determines receiving with the chain being clicked in tissue
The identity of the member of the Email connect, using platform 102 can not according to its determination on the member of tissue any identification believe
The identifier of breath replaces identity and sends the identifier on the link being clicked to platform 102 for analyzing, assessing
Deng.Therefore, platform 102 does not obtain the information of the actual identity or associated person information on the member of the clickthrough in tissue.
In one embodiment, the logon web page reached when the link in member's click Email of tissue can solicit tissue
Member is entered information into webpage, for example, webpage, which may be embodied in, can wherein input field of information etc..Tissue may wish
Hope and collect the information that member is input in webpage, but may not want that information leaves the control of tissue.Workflow device 104 by with
Collection is set to (if Workflow device 104 serves as login page server, or to fill if logged on page server and workflow
Put 104 points to open, then Workflow device 104 is collected from login page server) by the information for the member's input organized.Then, believe
Breath can be summarized (for example, hash etc.), and can be sent from Workflow device 104 to platform 102 on such as input
The designator of amount/type of character etc. and the information of general introduction are for assessing, analyzing, and the bottom-up information without reality is in itself
Leave the control of tissue.
Describe various example triggers and Workflow device/platform response.For example, in one embodiment, work as tissue
Member from the Help Desk of tissue ask new password and/or reset password when, Workflow device 104 determines that trigger event has been sent out
It is raw, for example, Help Desk can have the database that have recorded wherein for all requests of new password etc..Workflow fills
104 are put when the password for detecting one in source 106 is reset, (or in one embodiment, according in predetermined amount of time
It is interior to reset the predetermined scheduling handled regularly for all passwords detected), contact platform 102 and indicate this species
The trigger event of type has occurred and that.Platform 102 creates the communication for including email template based on such trigger event.
Communication also includes message request, and the message request includes the information on transmitting identifier, and Workflow device 104 can be according to this
Transmit identifier and determine intended recipient and time frame.Workflow device 104 is based on email template establishment Email and disappeared
Breath, the Email is sent with the member that its password from Workflow device 104 into tissue is reset, ask the tissue into
Member clicks on the link in Email and inputs new password information for checking.The electronics postal created by Workflow device 104
Part message be based on included in the email template and message being sent to from platform 102 in the communication of Workflow device 104 please
(including on transmitting the information of identifier and time frame) is asked come what is created.
The communication sent from platform 102 to Workflow device 104 includes email template and including transmitting identifier
Message request, Workflow device 104 can determine the electronics postal that will be created by Workflow device 104 based on the transmission identifier
The identity and time frame information of the intended recipient of part message, for example, on when will be sent to intended recipient by working
Flow the information for the email message that device 104 creates.Connected by platform 102 by the passage of safety (for example, not passing through
SMTP Emails) sent to Workflow device 104 and include the communication of email template.Workflow device 104 is based on from flat
The communication that platform 102 receives will be sent to the email message of the intended recipient member of tissue to create.If receive
Person clicks on the link that is included in email message and by the Password Input of recipient to login page website, then login page
Notify that recipient's email message and login page are tests, when Email is real phishing attacks electronics postal
When part rather than test recipient by be phishing attacks victim, and in one embodiment, login page is directed to
Recipient suggests training chance.Workflow device 104 encrypted message inputted by recipient is summarized for example, hash (or
Website is instructed to summarize it), and abandon (or instructing website to abandon) secret encrypted message.Workflow device 104 utilizes mark
Symbol is known to record the information of general introduction, and Workflow device 104 can determine the offer confidential information of recipient according to the identifier
Identity and/or associated person information, but platform 102 can not determine the identity and/or contact person's letter of recipient according to the identifier
Breath.
In another embodiment, when the member of tissue asks new password and/or reset password from the Help Desk of tissue, work
Make stream device 104 and determine that the trigger event has occurred and that, have recorded wherein for new password for example, Help Desk can have
The database of all requests etc..Workflow device 104 detect one in source 106 password reset when, (or
In one embodiment, it is regular to reset the predetermined scheduling handled for all passwords detected according within a predetermined period of time
Ground), contact platform 102 and indicate to have occurred that such trigger event.Platform 102, which creates, to be included being used for this species
The communication of the email template of the trigger event of type and the message request including transmitting identifier, Workflow device 104 can be with
The identity of the intended recipient of email message for determining to be created by Workflow device 104 based on the transmission identifier and when
Between frame information, for example, on when the email message created by Workflow device 104 will be sent to intended recipient
Information.Workflow device 104 is reset using email template to create its password from Workflow device 104 into tissue
Member send email message, ask tissue member click on Email in link and input new password information with
For verifying.Platform 102 sends the communication for including email template to Workflow device 104.Workflow device 104 is according to electricity
Sub- email template creates email message, and sends email message to the intended recipient member of tissue.If receive
Person's clickthrough simultaneously inputs password, then website notifies that recipient's Email and website are tests, when Email is real
Phishing attacks Email rather than during test, recipient by be phishing attacks victim, and at one
Suggest training chance for recipient in embodiment.Workflow device 104 is summarized the encrypted message inputted by recipient
For example, hash (or instructing website to summarize the encrypted message), and abandon (or instructing website to abandon) secret encrypted message.
The information of the record general introduction of Workflow device 104 simultaneously substitutes identification information using identifier, and platform 102 can not be true according to the identifier
Determine the identity and/or associated person information of recipient.In this case, platform 102 provides renewal using Workflow device 104
Information simultaneously triggers platform action.
In one embodiment, Workflow device 104 is configured as joining regularly and/or based on the request from user
It is platform 102 to receive the neurological susceptibility and/or social activity of anonymous (for example, without identification information) on the tissue to Social Engineering
The report and/or analysis of engineering test result.In one embodiment, Workflow device 104 is configured as based in report
Identifier supplements the report and/or analysis of anonymity using identification information and/or associated person information.
Example triggers event can include:For example, new associated person information is added in address book, the member by tissue
The different department for being moved to tissue, the member organized are with the membership qualification anniversary in tissue (for example, employee is with the work anniversary
Deng), the membership request of tissue resets password, the member of tissue violates loss of data prevention rules, the member of tissue is by suspicious electricity
Sub- email relaying is to Help Desk, user complete training, user changes working condition or role, keeper are triggered based on its subordinate
Event, user is locked in outside system because too many time is attempted to log in, user finds time from work, user is because manpower provides
Source in violation of rules and regulations and be charged with, safety warning/accident, company restructuring, reduce the staff, subcontractor's registration/exit.Other are exemplary to touch
Hair event can include personal visit or attempt to be used to access known phishing web site, access or attempt to be used to access
Suspicious phishing web site, receive phishing e-mail or communication or intercepted as by inbound messages filter
Phishing e-mail or communication intended recipient.Especially, the spear type network for being directed into unique individual is fished
The identification of fish Email or communication can be used as trigger event.Extra trigger event can be ignored including individual or fail to ring
Should be invited in training, to consulting or the previous or pending change of employment contract or state or in recognizable packet based on individual character,
IQ, physics or can objective examination other personal attributes carry out classification.
The Workflow device 104 in monitoring source 106 allows to be merged from multiple database sources based on the user property of risk.Example
Such as, human resource database can include the associated person information of all members of tissue, and Help Desk database can include being directed to
All requests of new password, the report of IT problems, the list of the new virus found, and such Workflow device 104 can be with
Using the information from Help Desk database, for example, for the request of new password, it is used to trigger Workflow device 104 automatically
To contact platform 102 so as to start for reducing the motion to the neurological susceptibility of Social Engineering.Due to a variety of sources 106 just by
Workflow device 104 monitors, it is possible to observes a variety of triggerings, Workflow device 104 by Workflow device 104
Automatically (for example, without user intervention) guide platform 102 Workflow device 104 can be passed through based on the triggering type observed
To start different motions to the different members of tissue, test etc..
In one embodiment, Workflow device 104 is configured as carrying out outbound connection with platform 102, for example, without group
Knit and open any input port, and therefore need not carry out any modification to the fire wall of tissue.In one embodiment, work
Stream device 104 is configured with encrypted tunnel technology (for example, VPN, SSH etc.) and carries out exporting connection and/or lead to platform 102
Road.Then, Workflow device 104 and platform 102 can transmit communication by channel security, wherein in Workflow device 104
The data sent between platform 102 are encrypted.From platform 102 to work by passage rather than such as by Email
Flow device 104 and send message.
In one embodiment, tissue can be directed to and multiple Workflow devices as described above is provided, for example, different operating
Flow device and be used for different department of tissue, etc..
In one embodiment, Workflow device 104 can include being configurable for caching the information from platform 102
Memory.For example, mass file (for example, multimedia training file etc.) can be buffered in the memory of Workflow device 104
In for carrying out quick in organization internal and/or easily accessing to it, without using and/or accessing large-scale text every time
Mass file is downloaded during part from such as platform 102.
In one embodiment, Workflow device as described above is served as the group on the Virtual base framework of tissue
The black box of the tissue of operation in the network knitted.
In one embodiment, platform 102 is configured as creating website, and email template is linked to the website
In be sent to Workflow device 104.Website can include to be linked to the website someone indicate that the website is legal
Information.In addition, website can include being configured as receiving information (for example, confidential information) and user's offer secret from user
The field of the request of information.
With reference to figure 3, another embodiment of system 300 is shown, such as assessing and/or reducing tissue to Social Engineering
Neurological susceptibility system.System 300 allows in the software as service environment (for example, away from client tissue) to from group
The data of the test for the person of being made into are analyzed and assessed, without the algorithm and source code for being analyzed data and being assessed
It is given to tissue, and without making any confidential information, sensitive information, associated person information or member identification leave group
The control knitted.System 300 has many similarities with said system 100, therefore other are characterized in emphasis described below.
In one embodiment, system 300 includes the platform 302 away from tissue (such as not under the control of tissue).
Platform 302 includes processor, and the processor is programmed to generate and/or fetches the message for Social Engineering's test and assessment
With response of the analysis to message and test result.System 300 also includes Workflow device 304.In one embodiment, workflow
Device 304 is located at the physical locations of tissue, is run in the architecture of tissue, or under the control of tissue.Work
The source 306 (such as similar to above-mentioned source 106) of information of the stream device 304 with organizing is communicated.Workflow device 304 is from group
Knit and receive address book.The identification information of the member of address book including tissue, such as name, department, position in tissue etc..This
Outside, the associated person information of the member of address book including tissue, for example, e-mail address, telephone number, Mobile Directory Number,
Social media identifier etc..If tissue is not intended to the control that confidential information (for example, information in address book) leaves tissue,
Device 304 is configured to carry out at least part of the identification information of address book associated person information that is Aliasing, and being directed to address book
Create transmit identifier, but also create and retain be enough according to Aliasing information and transmit identifier it is not Aliasing to identify
Address book in entry information, such as create look-up table etc..
In one embodiment, the information in address book is carried out Aliasing including Random Maps.If thus, for example,
More than one member in tissue has name " John ", then the Aliasing name of each " John " in organizing will be different
Aliasing value, for example, preventing different 30 hexadecimal number or any other suitable alias of the leakage of information, example
Such as, prevent from determining the information of the actual identity of the member on tissue or associated person information based on Aliasing information.
Device 304 be configured as in a secured manner (for example, as described above channel transfer etc.) by internet with it is flat
Platform 302 is contacted and communicated.When device 304 detects the trigger event in the source 306 come in self-organizing, device 304 by with
It is set to the member that information and the tissue that is contacted in response to the trigger event on trigger event are sent to platform 302
Identifier is transmitted, for example, platform 302 does not receive the actual contact person letter of the member of the tissue contacted in response to trigger event
Breath.In one embodiment, on any identification information for being sent to platform 302 in the member of tissue to platform 302
It is before Aliasing so that platform 302 not can determine that any identification information of the member on tissue.Associated person information is not sent out
Platform 302 is sent to, but (platform 302 can not determine the actual contact person of the member of tissue to transmission identifier according to the identifier
Information) alternatively it is sent to platform 302.In another embodiment, platform only will be sent to the member on tissue
Some progress in 302 identification information are Aliasing, and the other parts of identification information can not be by Aliasing and can be by putting down
Platform 302 identifies, such as department of tissue for working wherein of member etc. can not be Aliasing.
Based on the information of the trigger event on being received from Workflow device 304, bag is fetched and/or created to platform 302
Include the communication of template (such as email template).In one embodiment, platform 302 sends to Workflow device 304 and included
The communication of template, the template include universal tag, and the universal tag works to the type of the configured information of Workflow device 304
Flowing device 304 includes the type of described information in the message created by Workflow device 304 based on template, with for pre-
Phase recipient carries out personalization to message, for example, email template can include the greeting of " hello, Email name ",
The name of each intended recipient will be fetched from address book based on the greeting Workflow device 304, and name is inserted
Into each Email created based on email template for the expection of intended recipient.In another embodiment,
Platform 302 is configured as Aliasing information being inserted into template, for example, utilize " hello, come since device receive it is other
The email template greeting of the alias value of the Email name of the address book of nameization " replacement " hello, Email name ".
In various embodiments, other kinds of template can be created by platform 302 (for example, the pin for audible messages
This template, template for text message etc.) and send it to Workflow device 304, and Workflow device 304 can be with
It is configured as creating other kinds of message based on other kinds of template, for example, audible messages, written message, text disappear
Breath etc..
Device 304 receives the communication for including template from platform 302, and determination will be based on the message that template is created
Intended recipient.Then, device 304 is found and replaces the label in message, or Aliasing information is being inserted by platform 302
In the case of, Aliasing information is replaced using the actual information on the intended recipient from address book.Put down wherein
Aliasing information is inserted into the embodiment of template by platform 302, once device 304 determines the intended recipient of message, then
Device 304 searches each part of the Aliasing information in template, and the corresponding actual information from address book is defeated
Enter in by message of the device 304 based on template establishment, for example, " Aliasing name " is changed into " actual name ", by " not
The surname of nameization " is changed into " actual surname ", is changed into " Aliasing academic title " " actual academic title " etc..If in Aliasing value
One mismatches with the Aliasing value in look-up table, then device 304 will identify and/or remedy the mistake, and wherein look-up table is
The table that actual information in Aliasing value and address book for intended recipient is associated.If for example, device 304
The intended recipient for determining message is " John Smith ", and the Aliasing value of John Smith name is in a lookup table
" XYZ ", and Aliasing name is replaced by " ABC " to be inserted into message by platform 302, then and device 304 will identify that
Aliasing value is not corresponding with intended recipient, and will not insert the different recipients with Aliasing name " ABC "
Name.
Once device 304 using the message personalized based on template establishment of the information from address book, device 304 just by
Be configured to such as by internet, by secure connection one into multiple servers 350 transmission of message based type
Personalized message.For example, if message is email message, device 304 is configured as to e-mail server 352
Send message.Then, e-mail server 352 provides Email the email account 353 of intended recipient.Such as
Fruit message is text message, then device 304 is configured as sending message to text message service device 354.Then, text message takes
Business device provides text message the text message account of intended recipient.If message is audible messages, such as voice mail
Deng, or if the text version of message is said by the Text To Speech converter of computerization, then device 304 be configured as to
Telephony server 356 sends message.Then, telephony server 356 provides audible messages in the phone 357 of intended recipient.
In one embodiment, server 352,354,356 is contained in Workflow device 304, for example, Workflow device
304 include and/or serve as server 352,354,356 in itself.In another embodiment, server 352,354,356 and work
Flow device 304 to separate, but communicated with Workflow device 304, and also separate but can not be visited by platform 302 with platform 302
Ask.
In one embodiment, message solicits the response from recipient.The response solicited can with initial message
Medium identical medium (for example, audible, text, Email) on, or can be on different media.Workflow device
304 are configured as that response of the recipient to message is monitored and collected such as by server 350.Device 304 is configured as back
Care for the predetermined information received by the response of the response each received, the control for being not intended to leave tissue by tissue and carry out alias
Other predetermined informations change, made tissue not require to be retained in received by the response under the control of tissue keep non-alias
Change and some predetermined informations to receiving in the response are summarized, such as in one embodiment, information can not be other
Nameization.Then, device 304 be configured as sending to platform 402 the Aliasing part each responded, not Aliasing part and
The part of general introduction is for analyzing and/or assess.Therefore, confidential information is maintained under the control of tissue and is not presented to
Platform 302.The analysis of platform 302 responds and prepares the report of Social Engineering's test and/or training, for example, on result, validity
Deng report.Device 304 receives the report of the information with Aliasing information and general introduction, and updates this report to utilize example
Actual information such as from address book replaces Aliasing information, and the information of general introduction is for example replaced using actual information so that should
Report can be looked back by the special member organized.Therefore, it is unavailable that the report provided from device to tissue can include platform
Personally identifiable information.
If for example, voice mail message to be sent to the member of tissue, recipient's calling telephone number " XXX- is asked
XXX-XXX ", input code " YYYY ", and leave provide the people new computer password voice mail, then device 304 by with
It is set to for call to monitor telephony server 356.When receiving the calling from organizational member, device 304 by with
It is set to using address book to identify telephone number that the member is being called according to it.Device 304 will be to the telephone number
Information carries out Aliasing so that platform 302 does not receive the actual phone number of the member.Device 304 will be also collected by the tissue
Member input " YYYY " code.However, due to the information be not it is secret (be, for example, to be generated by system, such as when disappearing
Breath is generated when being initially generated by platform 302), so the information can be passed to platform 302, and not by device 304
It is Aliasing.Device 304 also collects the audible messages of the member of tissue, for example, as .wav files or any other suitable type
File.Audible messages can include confidential information, but (in other embodiments, can not use automatic or hand by Aliasing
Audible messages are converted into text by dynamic speech recognition technology, and device 304 can be configured as entering resulting text
Row is Aliasing).On the contrary, device 304 is configured as to the information on audible messages (for example, message-length, non-mute record
The quantity of the estimation of syllable in number of seconds, volume-level, audio file, its combination etc.) summarized, to preserve message in itself
It is not to send message in itself to platform 302.The information of general introduction can be passed to platform 302 so that confidential information is without departing from group
Knit.Therefore, device 304 is configured as looking back the response being collected into for the member for carrying out self-organizing and to some letter from response
Breath progress is Aliasing, makes the other information from response not Aliasing and according to pre-defined algorithm to the other information from response
Summarized without user intervention.In one embodiment, device 304 is configured as receiving the instruction for carrying out self-organizing, is used for
Determine which information will will be kept the specification according to tissue not by Aliasing and which information by Aliasing, which information
To be summarized.
In one embodiment, the communication for Workflow device 304 being provided by platform 302 includes transfer mode designator,
For example, indicate Workflow device 304 by the type of the message created based on template and/or medium (for example, phone, electronics postal
Part, SMS etc.), Workflow device will transmit the message based on template establishment by it.In one embodiment, carried by platform 302
The communication of confession includes dispatch command, for example, when instruction Workflow device 304 creates and send message, if message can not pass
Pass (such as busy signal, bounce-back notice etc.) then this what does (for example, communication includes effective information and causes Workflow device 304
Know should clawback or retry how many times, in one day when, in one week when etc. be allowed to or do not allow to send
Message and how to inquire that platform 302 further indicates).
It should be appreciated that accompanying drawing illustrate in detail exemplary embodiment, and it is to be understood that the application is not limited to illustrating
The details or method for illustrating or being shown in the drawings in book.It is also understood that term be only used for description purpose without should by regarding
For limitation.
In view of this description, to those skilled in the art, the further modifications and substitutions of various aspects of the invention
Embodiment will be apparent.Therefore, this description is only interpreted as illustrative.Show in various exemplary embodiments
Construction and arrangement are merely illustrative.Although several embodiments are only described in detail in the disclosure, substantially not
In the case of the novel teachings and advantage of theme as described herein, many modifications can be carried out (for example, size, dimension, knot
Structure, the value of parameter, arrangement, material use etc. in change).Being shown as some integrally formed elements can be by multiple part
Or element is formed, the position of element can overturn or be to change in addition, and the essence or quantity of discrete element or position
It can be changed or change.According to alternate embodiment, any process, the order of logical algorithm or method and step or sequence can be by
Change or reorder.In the case of without departing substantially from the scope of the present invention, design, operation that can also be in various exemplary embodiments
Other substitutions, modifications, changes and omissions are carried out in condition and arrangement.
In various embodiments, platform and Workflow device described herein can include general processor, dedicated processes
Device, the circuit comprising one or more processing components, a distribution type processing component are (for example, be configurable for point of processing
Cloth computer) etc..The embodiment of platform and Workflow device can be or including for carrying out data processing and/or signal
Any amount of component of processing.According to exemplary embodiment, any distributed and/or local memory device can be with this public affairs
System, method, apparatus and the platform opened are come together to use and/or are included therein.In one embodiment, Workflow device
Or platform can include the memory that is communicatively connected to processor or instrument (for example, via circuit or other connections), and
And it can include being used for the computer code for performing one or more processes as described herein.
In various embodiments, platform and/or Workflow device can be realized with software.In another embodiment, put down
Platform and/or Workflow device can be realized with the combination of computer hardware and software.In various embodiments, realize and beg for herein
The platform of opinion and/or the system of Workflow device include the one or more treatment groups for being configured to supply the function being discussed herein
Part, one or more computer storage components and one or more communication components.In various embodiments, platform and/or
Workflow device can include general processor, application specific processor (ASIC), the circuit comprising one or more processing components, one
Distribution type processing component, the distribution type computer for being configurable for processing etc..In various embodiments, platform and/
Or Workflow device can include memory assembly, such as one or more equipment for data storage and/or for completing
And/or be advantageous to the computer code of the various processes described in the disclosure, and database component, object code can be included
The message structure of component, script component and/or any other type for supporting the various activities described in the disclosure.Each
In kind embodiment, communication component described herein can include being used for the data for transmitting the system and method for be discussed herein
Hardware and software.For example, communication component can include being used for receiving and send as discussed herein the electric wire of information, jack,
Interface, wireless communication hardware etc..In various specific embodiments, platform, Workflow device and/or method described herein can be with
It is to include for providing various functions and performing the non-temporary of (for example, computer code) instruction for the various steps being discussed herein
Embodiment in the computer-readable medium of when property.In various embodiments, computer code can include object code, program
Code, compiled code, scripted code, executable code, instruction, the instruction of programming, non-transitory programming instruction or its is any
Combination.In other embodiments, Workflow device and/or platform described herein can by any other suitable method or
Mechanism is realized.In one embodiment, above-mentioned Workflow device can be local, for example, with organizing identical physics
It is opening position or being realized on the computer hardware under the control in tissue.In other embodiments, Workflow device and/
Or platform may be located remotely from tissue, such as not with organizing identical physical locations.
In one embodiment, Workflow device described herein can be to store and/or be hosted locally at groups of clients
The software knitted is realized.In various embodiments, Workflow device described herein can be via Distributed Calculation in Yun Zhongshi
Existing, software of such as trustship on the server away from client tissue is not in identical physical location with client tissue.
Claims (34)
1. a kind of be used to assess system of the tissue to the neurological susceptibility of Social Engineering, the tissue is set with multiple sources and using electronics
Standby multiple members, the system include:
The device to be communicated with the multiple source, described device are configured as described more from least one reception in the source
The associated person information of individual member, and detect the trigger event from the multiple source;And
Platform, its away from described device and be configured as from described device receive instruction detect trigger event signal,
The communication of template is included based on each preparation in the trigger event and sends the communication to described device;
Wherein, when receiving the communication, described device is configured as fetching the contact person letter of intended recipient member
Breath, create message and send the message to the intended recipient member based on the template.
2. system according to claim 1, wherein, the platform is not received described in the multiple member from described device
Associated person information.
3. system according to claim 1, wherein, the platform is configured as compiling the information on trigger event
Translate, and the tissue is assessed the neurological susceptibility of Social Engineering based on the trigger event.
4. system according to claim 1, wherein, the source includes multiple databases and message transfer service.
5. system according to claim 1, wherein, described device is configured as including the expection in the message connecing
The personal information of receipts person member.
6. system according to claim 1, wherein, the message sign sent from described device to the intended recipient member
The intended recipient member is asked to take action.
7. system according to claim 6, wherein, the action solicited by the message be it is following in one:Point
Link is hit, confidential information is provided and downloads file.
8. system according to claim 6, wherein, the platform is configured as whether monitoring the intended recipient member
Take the action solicited by the message.
9. system according to claim 1, wherein, described device be configured as regularly from the multiple source at least
One source determine in the associated person information any one whether be updated or whether new associated person information has been added.
10. system according to claim 1, wherein, described device is configured as only carrying out output with the platform being connected.
11. system according to claim 1, wherein, described device is configured to act as special smtp server and base
Come to carry out personalization to the message in the label being included in the template.
12. system according to claim 1, wherein, described device is built-in, tissue trustship or hosted outside
The SMTP clients of one in smtp server.
13. system according to claim 1, in addition to from the tissue hosted outside and separate with the platform
The smtp server of safety.
14. system according to claim 13, wherein, the safe smtp server is by different from the tissue
Two tissue trustships, and wherein, all message and daily record are all regularly deleted from the safe smtp server.
15. system according to claim 1, wherein, the message includes the link to login page, and wherein, institute
State the login page server that device includes being configured as servicing the login page.
16. system according to claim 15, wherein, the login page solicits visitor and inputs information, and wherein,
Described device is configured as collecting the information independently of the platform.
17. system according to claim 1, wherein, the message includes the link to login page, and wherein, clothes
The be engaged in server of the login page is independently of the platform.
18. system according to claim 1, wherein, the message includes arriving by the login page of the platform trustship
Link, and wherein, the platform be configured as periodically being reset with remove on click on the intended recipient of the link into
The information of member.
19. system according to claim 1, wherein, the message solicits the electronics from the intended recipient member
Email response, smtp server that the email response is configured as to be accessed by the platform transmit, wherein,
Described device is configured as:Look back the email response from the intended recipient member, the message is carried out
It is Aliasing to remove identification information and Aliasing message be forwarded into the platform.
20. system according to claim 19, wherein, it is described it is Aliasing be to use seed or non-seed Cryptographic Hash Function
Come what is performed.
21. system according to claim 1, wherein, the associated person information includes telephone number, and wherein, it is described
Device is configured to, with phone identifier and replaces the telephone number, the phone identifier is sent to the platform, and
When receiving the communication from the platform, described device be configured as based on the template for each intended recipient into
Member creates the message of customization, and the telephone number of the intended recipient member is dialed for each in the message.
22. a kind of method for reducing the neurological susceptibility to the tissue of Social Engineering, the tissue have multiple sources, methods described bag
Include:
Receive the associated person information of multiple members of the tissue;
Each in the source is monitored for trigger event;
Based on the trigger event detected, at least one member in the tissue is identified as intended recipient;
Message to the intended recipient is prepared based on the characteristic of the trigger event detected, the message solicit by
The action that the intended recipient is carried out;
The message is sent to the intended recipient;
Determine whether the intended recipient takes action as solicited by the message;And
The action to the intended recipient is assessed.
23. according to the method for claim 22, wherein, the source include at least one catalogue, at least one database with
And at least one message transfer service.
24. according to the method for claim 22, wherein, associated person information includes e-mail address book, the electronics postal
The e-mail address of the member of part address book including the tissue, methods described also include regularly from the source at least
Whether the e-mail address book of one member for determining the tissue has been updated.
25. according to the method for claim 22, wherein, associated person information includes at least one of the following:For voice
Telephone number, the SMS text of the member of the tissue of phishing test can be sent to the tissue by it
Member Mobile Directory Number and the tissue member social media identifier.
26. a kind of system for being used to assess the neurological susceptibility to the Social Engineering of tissue, the tissue is with catalogue, multiple databases
And message transfer service, the system include:
Device, it is configured as the address book that the associated person information of the member with the tissue is received from the catalogue, and
Be configured to connect to the multiple database and the message transfer service, described device be configured as trigger event come
Monitor the multiple database and the message transfer service;And
Platform, it is configured as receiving the signal for the trigger event that instruction is identified by described device, based on institute from described device
State signal creation template and send the template to described device;
Wherein, described device is configured as the message based on the template establishment to intended recipient;
Wherein, the platform is configured to determine that whether the intended recipient takes predetermined action in response to the message;With
And
Wherein, the platform is configured to respond to the message on the trigger event, the message and the expection
The statistics of the action of recipient is compiled.
27. system according to claim 26, wherein, described device is configured as in the fire wall of the tissue, and
And wherein, the platform is configured as outside the fire wall of the tissue.
28. system according to claim 26, wherein, the platform is configured as being directed to the triggering thing with different qualities
Part creates different templates.
29. system according to claim 26, wherein, the platform is configured as at least one in the template
Including label, and wherein, described device is configured as adding information on described in the message based on the label
In each in the message of intended recipient.
30. system according to claim 26, wherein, the platform be configured as in a period to the tissue
The neurological susceptibility of Social Engineering analyzed, and send the analysis to described device, and wherein, described device is configured
For the information on the identity of the member of the tissue is incorporated into the analysis.
31. system according to claim 26, wherein, described device is configured as taking by the Email of the tissue
Business device forwards the message to the intended recipient.
32. a kind of be used to assess system of the tissue to the neurological susceptibility of Social Engineering, the tissue is with multiple sources and uses electronics
Multiple members of equipment, the system include:
Device, it is configured as including on the tissue from least one reception address book in the source, the address book
Multiple members in the identification information of each and associated person information, described device be configured as in the identification information
It is at least some to carry out Aliasing and the associated person information is replaced using identifier with the address book for Making Alias, will
Determined by Aliasing described information based on pre-defined algorithm;
Platform, it is configured as receiving the Aliasing address book from described device;
Wherein, described device is configured as detecting the trigger event from the source and sends the triggering thing to the platform
The instruction of part;
Wherein, the platform is configured as providing communication to described device, and the communication is included based on the trigger event
Source template, the instruction of transfer mode, the biography of one as known to described device for being mapped in the member of the tissue
Pass identifier and dispatch command;
Wherein, described device is configured as based on every in the intended recipient for the information in the address book
The template of one come create personalization message;
Wherein, described device is configured as based on the type of the message come into the multiple servers separated with the platform
One sends the message, and one in the server is configured as sending the message to the intended recipient;
Wherein, described device is configured as monitoring the response to the message from the intended recipient;And
Wherein, described device is configured as not other to the part progress other parts that are Aliasing, making the response of the response
Nameization and the part of the response is summarized based on pre-defined algorithm and sends the other of the response to the platform
Nameization, not Aliasing and general introduction part.
33. system according to claim 32, wherein, the server includes telephony server, text message service device
And e-mail server.
34. system according to claim 32, wherein, described device serves as the multiple server.
Applications Claiming Priority (9)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201562112503P | 2015-02-05 | 2015-02-05 | |
| US62/112,503 | 2015-02-05 | ||
| US201562114744P | 2015-02-11 | 2015-02-11 | |
| US62/114,744 | 2015-02-11 | ||
| US201562135990P | 2015-03-20 | 2015-03-20 | |
| US62/135,990 | 2015-03-20 | ||
| US15/015,482 US9699207B2 (en) | 2015-02-05 | 2016-02-04 | Social engineering simulation workflow appliance |
| PCT/US2016/016612 WO2016126971A1 (en) | 2015-02-05 | 2016-02-04 | Social engineering simulation workflow appliance |
| US15/015,482 | 2016-02-04 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107533619A true CN107533619A (en) | 2018-01-02 |
Family
ID=56564706
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201680019962.9A Pending CN107533619A (en) | 2015-02-05 | 2016-02-04 | Workflow device is simulated by Social Engineering |
Country Status (6)
| Country | Link |
|---|---|
| US (2) | US9699207B2 (en) |
| JP (1) | JP2018510408A (en) |
| CN (1) | CN107533619A (en) |
| AU (1) | AU2016215226A1 (en) |
| CA (1) | CA2975509A1 (en) |
| WO (1) | WO2016126971A1 (en) |
Families Citing this family (50)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9356948B2 (en) | 2013-02-08 | 2016-05-31 | PhishMe, Inc. | Collaborative phishing attack detection |
| US8966637B2 (en) | 2013-02-08 | 2015-02-24 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
| US9906539B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
| CN105187372B (en) * | 2015-06-09 | 2018-05-18 | 深圳市腾讯计算机系统有限公司 | A kind of data processing method based on mobile application entrance, device and system |
| US10013416B1 (en) | 2015-12-18 | 2018-07-03 | Amazon Technologies, Inc. | Language based solution agent |
| US9894092B2 (en) | 2016-02-26 | 2018-02-13 | KnowBe4, Inc. | Systems and methods for performing or creating simulated phishing attacks and phishing attack campaigns |
| US10331416B2 (en) | 2016-04-28 | 2019-06-25 | Microsoft Technology Licensing, Llc | Application with embedded workflow designer |
| US10319210B2 (en) | 2016-05-31 | 2019-06-11 | Honeywell International Inc. | Translating building automation events into mobile notifications |
| US11010717B2 (en) * | 2016-06-21 | 2021-05-18 | The Prudential Insurance Company Of America | Tool for improving network security |
| US9800613B1 (en) | 2016-06-28 | 2017-10-24 | KnowBe4, Inc. | Systems and methods for performing a simulated phishing attack |
| US10382370B1 (en) * | 2016-08-11 | 2019-08-13 | Amazon Technologies, Inc. | Automated service agents |
| US10484313B1 (en) | 2016-10-28 | 2019-11-19 | Amazon Technologies, Inc. | Decision tree navigation through text messages |
| US10855714B2 (en) | 2016-10-31 | 2020-12-01 | KnowBe4, Inc. | Systems and methods for an artificial intelligence driven agent |
| US10469665B1 (en) | 2016-11-01 | 2019-11-05 | Amazon Technologies, Inc. | Workflow based communications routing |
| US9749360B1 (en) | 2017-01-05 | 2017-08-29 | KnowBe4, Inc. | Systems and methods for performing simulated phishing attacks using social engineering indicators |
| US9742803B1 (en) | 2017-04-06 | 2017-08-22 | Knowb4, Inc. | Systems and methods for subscription management of specific classification groups based on user's actions |
| US20180307844A1 (en) | 2017-04-21 | 2018-10-25 | KnowBe4, Inc. | Using smart groups for simulated phishing training and phishing campaigns |
| US10362047B2 (en) | 2017-05-08 | 2019-07-23 | KnowBe4, Inc. | Systems and methods for providing user interfaces based on actions associated with untrusted emails |
| US10243904B1 (en) | 2017-05-26 | 2019-03-26 | Wombat Security Technologies, Inc. | Determining authenticity of reported user action in cybersecurity risk assessment |
| US11599838B2 (en) | 2017-06-20 | 2023-03-07 | KnowBe4, Inc. | Systems and methods for creating and commissioning a security awareness program |
| US11343276B2 (en) | 2017-07-13 | 2022-05-24 | KnowBe4, Inc. | Systems and methods for discovering and alerting users of potentially hazardous messages |
| US10657248B2 (en) | 2017-07-31 | 2020-05-19 | KnowBe4, Inc. | Systems and methods for using attribute data for system protection and security awareness training |
| US11295010B2 (en) | 2017-07-31 | 2022-04-05 | KnowBe4, Inc. | Systems and methods for using attribute data for system protection and security awareness training |
| US10708297B2 (en) | 2017-08-25 | 2020-07-07 | Ecrime Management Strategies, Inc. | Security system for detection and mitigation of malicious communications |
| US10348762B2 (en) | 2017-12-01 | 2019-07-09 | KnowBe4, Inc. | Systems and methods for serving module |
| US10257225B1 (en) | 2017-12-01 | 2019-04-09 | KnowBe4, Inc. | Systems and methods for artificial intelligence driven agent campaign controller |
| US10313387B1 (en) * | 2017-12-01 | 2019-06-04 | KnowBe4, Inc. | Time based triggering of dynamic templates |
| US10673895B2 (en) | 2017-12-01 | 2020-06-02 | KnowBe4, Inc. | Systems and methods for AIDA based grouping |
| US10812527B2 (en) | 2017-12-01 | 2020-10-20 | KnowBe4, Inc. | Systems and methods for aida based second chance |
| US10715549B2 (en) | 2017-12-01 | 2020-07-14 | KnowBe4, Inc. | Systems and methods for AIDA based role models |
| US11777986B2 (en) | 2017-12-01 | 2023-10-03 | KnowBe4, Inc. | Systems and methods for AIDA based exploit selection |
| US10009375B1 (en) | 2017-12-01 | 2018-06-26 | KnowBe4, Inc. | Systems and methods for artificial model building techniques |
| US10581910B2 (en) | 2017-12-01 | 2020-03-03 | KnowBe4, Inc. | Systems and methods for AIDA based A/B testing |
| US10348761B2 (en) | 2017-12-01 | 2019-07-09 | KnowBe4, Inc. | Systems and methods for situational localization of AIDA |
| US10839083B2 (en) | 2017-12-01 | 2020-11-17 | KnowBe4, Inc. | Systems and methods for AIDA campaign controller intelligent records |
| US10679164B2 (en) | 2017-12-01 | 2020-06-09 | KnowBe4, Inc. | Systems and methods for using artificial intelligence driven agent to automate assessment of organizational vulnerabilities |
| US10237302B1 (en) | 2018-03-20 | 2019-03-19 | KnowBe4, Inc. | System and methods for reverse vishing and point of failure remedial training |
| US10673876B2 (en) | 2018-05-16 | 2020-06-02 | KnowBe4, Inc. | Systems and methods for determining individual and group risk scores |
| WO2020023759A1 (en) * | 2018-07-26 | 2020-01-30 | Insight Sciences Corporation | Secure electronic messaging system |
| US10540493B1 (en) | 2018-09-19 | 2020-01-21 | KnowBe4, Inc. | System and methods for minimizing organization risk from users associated with a password breach |
| US10673894B2 (en) | 2018-09-26 | 2020-06-02 | KnowBe4, Inc. | System and methods for spoofed domain identification and user training |
| US10979448B2 (en) | 2018-11-02 | 2021-04-13 | KnowBe4, Inc. | Systems and methods of cybersecurity attack simulation for incident response training and awareness |
| US10812507B2 (en) | 2018-12-15 | 2020-10-20 | KnowBe4, Inc. | System and methods for efficient combining of malware detection rules |
| US11108821B2 (en) | 2019-05-01 | 2021-08-31 | KnowBe4, Inc. | Systems and methods for use of address fields in a simulated phishing attack |
| US11323476B1 (en) * | 2019-11-22 | 2022-05-03 | Trend Micro Inc. | Prevention of credential phishing based upon login behavior analysis |
| US11477229B2 (en) | 2020-03-04 | 2022-10-18 | International Business Machines Corporation | Personalized security testing communication simulations |
| US11374914B2 (en) | 2020-06-29 | 2022-06-28 | Capital One Services, Llc | Systems and methods for determining knowledge-based authentication questions |
| WO2022071961A1 (en) | 2020-10-01 | 2022-04-07 | Vade Secure Inc. | Automated collection of branded training data for security awareness training |
| CN112242948B (en) * | 2020-11-10 | 2021-12-14 | 腾讯科技(深圳)有限公司 | Group session processing method and device, computer equipment and storage medium |
| EP4106288A1 (en) | 2021-06-18 | 2022-12-21 | Deutsche Telekom AG | Method for making a social engineering attack more difficult |
Family Cites Families (41)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5892903A (en) | 1996-09-12 | 1999-04-06 | Internet Security Systems, Inc. | Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system |
| US6954858B1 (en) | 1999-12-22 | 2005-10-11 | Kimberly Joyce Welborn | Computer virus avoidance system and mechanism |
| US20020091940A1 (en) | 2001-01-05 | 2002-07-11 | Welborn Christopher Michael | E-mail user behavior modification system and mechanism for computer virus avoidance |
| US20050132225A1 (en) | 2003-12-16 | 2005-06-16 | Glenn Gearhart | Method and system for cyber-security vulnerability detection and compliance measurement (CDCM) |
| US20050183143A1 (en) * | 2004-02-13 | 2005-08-18 | Anderholm Eric J. | Methods and systems for monitoring user, application or device activity |
| US7971246B1 (en) | 2004-04-29 | 2011-06-28 | James A. Roskind | Identity theft countermeasures |
| US8041769B2 (en) * | 2004-05-02 | 2011-10-18 | Markmonitor Inc. | Generating phish messages |
| US7490356B2 (en) | 2004-07-20 | 2009-02-10 | Reflectent Software, Inc. | End user risk management |
| US7698442B1 (en) * | 2005-03-03 | 2010-04-13 | Voltage Security, Inc. | Server-based universal resource locator verification service |
| US8079087B1 (en) * | 2005-05-03 | 2011-12-13 | Voltage Security, Inc. | Universal resource locator verification service with cross-branding detection |
| US7788723B2 (en) | 2005-05-17 | 2010-08-31 | Computer Associates Think, Inc. | Method and apparatus for identifying computer vulnerabilities using exploit probes and remote scanning |
| US20060271631A1 (en) | 2005-05-25 | 2006-11-30 | Microsoft Corporation | Categorizing mails by safety level |
| US7769820B1 (en) * | 2005-06-30 | 2010-08-03 | Voltage Security, Inc. | Universal resource locator verification services using web site attributes |
| WO2007052021A2 (en) | 2005-11-01 | 2007-05-10 | Qinetiq Limited | Secure computer use system |
| FR2902546B1 (en) | 2006-06-16 | 2008-12-26 | Olfeo Sarl | METHOD AND SYSTEM FOR PROCESSING SECURITY DATA OF A COMPUTER NETWORK. |
| US8028335B2 (en) * | 2006-06-19 | 2011-09-27 | Microsoft Corporation | Protected environments for protecting users against undesirable activities |
| US20080047017A1 (en) | 2006-06-23 | 2008-02-21 | Martin Renaud | System and method for dynamically assessing security risks attributed to a computer user's behavior |
| US8245304B1 (en) * | 2006-06-26 | 2012-08-14 | Trend Micro Incorporated | Autonomous system-based phishing and pharming detection |
| US7802298B1 (en) * | 2006-08-10 | 2010-09-21 | Trend Micro Incorporated | Methods and apparatus for protecting computers against phishing attacks |
| US7984500B1 (en) * | 2006-10-05 | 2011-07-19 | Amazon Technologies, Inc. | Detecting fraudulent activity by analysis of information requests |
| EP2156315A4 (en) | 2007-05-14 | 2011-04-13 | Sailpoint Technologies Inc | System and method for user access risk scoring |
| WO2008142710A2 (en) | 2007-05-24 | 2008-11-27 | Iviz Techno Solutions Pvt. Ltd | Method and system for simulating a hacking attack on a network |
| US8209760B1 (en) * | 2007-06-27 | 2012-06-26 | Symantec Corporation | Quantifying a property of a focus computing resource based on proximity to other computing resources |
| US8332918B2 (en) | 2007-12-06 | 2012-12-11 | Novell, Inc. | Techniques for real-time adaptive password policies |
| US20090318130A1 (en) | 2008-04-25 | 2009-12-24 | Webmessenger, Inc. | Method and apparatus for monitoring outbound communications at a communication device |
| US20100125911A1 (en) | 2008-11-17 | 2010-05-20 | Prakash Bhaskaran | Risk Scoring Based On Endpoint User Activities |
| US8429751B2 (en) | 2009-03-13 | 2013-04-23 | Trustwave Holdings, Inc. | Method and apparatus for phishing and leeching vulnerability detection |
| US8296376B2 (en) | 2009-03-26 | 2012-10-23 | International Business Machines Corporation | Utilizing E-mail response time statistics for more efficient and effective user communication |
| US8356001B2 (en) | 2009-05-19 | 2013-01-15 | Xybersecure, Inc. | Systems and methods for application-level security |
| US9742778B2 (en) | 2009-09-09 | 2017-08-22 | International Business Machines Corporation | Differential security policies in email systems |
| US9038187B2 (en) | 2010-01-26 | 2015-05-19 | Bank Of America Corporation | Insider threat correlation tool |
| US8793799B2 (en) | 2010-11-16 | 2014-07-29 | Booz, Allen & Hamilton | Systems and methods for identifying and mitigating information security risks |
| US9373267B2 (en) | 2011-04-08 | 2016-06-21 | Wombat Security Technologies, Inc. | Method and system for controlling context-aware cybersecurity training |
| WO2012139127A1 (en) | 2011-04-08 | 2012-10-11 | Wombat Security Technologies, Inc. | Context-aware training systems, apparatuses, and methods |
| US9558677B2 (en) | 2011-04-08 | 2017-01-31 | Wombat Security Technologies, Inc. | Mock attack cybersecurity training system and methods |
| KR101328389B1 (en) * | 2011-09-30 | 2013-11-13 | 고려대학교 산학협력단 | Detecting apparatus and method for messenger phishing |
| US20130110614A1 (en) | 2011-11-02 | 2013-05-02 | Sap Ag | Enhanced Campaign Contact Tracking |
| US8739281B2 (en) | 2011-12-06 | 2014-05-27 | At&T Intellectual Property I, L.P. | Multilayered deception for intrusion detection and prevention |
| US8484741B1 (en) * | 2012-01-27 | 2013-07-09 | Chapman Technology Group, Inc. | Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams |
| US9053326B2 (en) | 2013-02-08 | 2015-06-09 | PhishMe, Inc. | Simulated phishing attack with sequential messages |
| US9262629B2 (en) | 2014-01-21 | 2016-02-16 | PhishMe, Inc. | Methods and systems for preventing malicious use of phishing simulation records |
-
2016
- 2016-02-04 CN CN201680019962.9A patent/CN107533619A/en active Pending
- 2016-02-04 CA CA2975509A patent/CA2975509A1/en not_active Abandoned
- 2016-02-04 WO PCT/US2016/016612 patent/WO2016126971A1/en active Application Filing
- 2016-02-04 AU AU2016215226A patent/AU2016215226A1/en not_active Abandoned
- 2016-02-04 JP JP2017541870A patent/JP2018510408A/en active Pending
- 2016-02-04 US US15/015,482 patent/US9699207B2/en active Active
-
2017
- 2017-06-01 US US15/610,884 patent/US9871817B2/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| US20170264633A1 (en) | 2017-09-14 |
| US9699207B2 (en) | 2017-07-04 |
| WO2016126971A1 (en) | 2016-08-11 |
| US20160234245A1 (en) | 2016-08-11 |
| JP2018510408A (en) | 2018-04-12 |
| AU2016215226A1 (en) | 2017-08-17 |
| CA2975509A1 (en) | 2016-08-11 |
| US9871817B2 (en) | 2018-01-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107533619A (en) | Workflow device is simulated by Social Engineering | |
| US11743294B2 (en) | Retrospective learning of communication patterns by machine learning models for discovering abnormal behavior | |
| AU2019403265B2 (en) | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time | |
| US11595353B2 (en) | Identity-based messaging security | |
| US9881271B2 (en) | Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams | |
| US12061591B2 (en) | Systems and methods for providing a two-way, intelligent text messaging platform | |
| US8788657B2 (en) | Communication monitoring system and method enabling designating a peer | |
| US8443424B2 (en) | Method and system for reducing the proliferation of electronic messages | |
| US8856928B1 (en) | Protecting electronic assets using false profiles in social networks | |
| US11252189B2 (en) | Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats | |
| US8954518B2 (en) | Communication device | |
| CN102792306B (en) | The method of kidnapping for detection of computer resource | |
| CN108305073B (en) | Method and system for executing transaction requests using a communication channel | |
| US11677782B2 (en) | Executing real-time message monitoring to identify potentially malicious messages and generate instream alerts | |
| US20180041532A1 (en) | System for Handling Communicated Threats | |
| EP3254258A1 (en) | Social engineering simulation workflow appliance | |
| US20180189738A1 (en) | In-Place Supervisory Review For Electronic Communications | |
| US20220141183A1 (en) | Detecting and Preventing Transmission of Spam Messages Using Modified Source Numbers | |
| CN116781388B (en) | Mail phishing-based separation deployment method and device | |
| TR2021015766A2 (en) | AN EMAIL SYSTEM | |
| EP2924923A1 (en) | Protection against suspect messages | |
| SE1051355A1 (en) | A communication system comprising a blocking device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180102 |
|
| WD01 | Invention patent application deemed withdrawn after publication |